May 30, 2013

Install nfsight plugin for nfsen on CentOS 6


Install nfsight plugin for nfsen netflow/sflow collector/analyser on CentOS 6 (and probably RedHat 6)

This was done with nfsen 1.3.6p1 and nfdump 1.6.6 -- I have not yet upgraded to any newer versions, which may be different.

This was one of the most difficult installations I've done to date.  I had attempted to do so at least twice if not thrice without success.  The key was to know about the chgrp command which I had not used before.  Also mysql was not something I was overly familiar with.  I attempted this task knowing I had failed in the past, but I also knew I had gained more Linux experience since those attempts.  I was very excited to succeed this time.

Here are my notes, because quite frankly I have not found any hints online other than the official installation guide, which is the bare minimum.

Please comment, especially if you find errors or know better solutions.  Enjoy.

Edit: newer nfsight version available: nfsight-beta-20140905.tgz; just replace the references.

######################################################
### Install nfsight plugin for nfsen on CentOS 6.4 ###
### http://sourceforge.net/p/nfsight/home/Nfsight/ ###
### Prerequisite: nfsen/nfdump already operational ###
######################################################

#################################################################
### Your nfsen and webserver directories may indeed be different.
### Apply settings as they pertain to your directory structure.
###
### My server's configuration:
### nfsen installed to /usr/local/nfsen
### nfsen website installed to /var/www/html/nfsen
### website owner=root, group=apache
###
### All commands performed as root.
#################################################################

### install prerequisites
yum install mysql mysql-server perl-DBI perl-DBD-MySQL php-mysql

### download and untar nfsight v.20130323
cd ~
wget http://sourceforge.net/projects/nfsight/files/nfsight-beta-20130323.tgz/download
tar xvfz nfsight-beta-20130323.tgz
cd ~/nfsight-beta-20130323

### following http://sourceforge.net/p/nfsight/wiki/Installation/

### copy nfsight.pm to plugins directory
cp ~/nfsight-beta-20130323/backend/nfsight.pm /usr/local/nfsen/plugins/

### make nfsight data directory and set rights
mkdir /var/www/html/nfsen/plugins/nfsight
chgrp -R apache /var/www/html/nfsen/plugins/nfsight

### make nfsight website directory
mkdir /var/www/html/nfsen/nfsight

### copy frontend to nfsight website directory
cp -R ~/nfsight-beta-20130323/frontend/* /var/www/html/nfsen/nfsight/

### set rights to nfsight website
chgrp -R apache /var/www/html/nfsen/nfsight/

### unsure if necessary - set write permissions for apache
chmod g+w /var/www/html/nfsen/nfsight/
chmod g+w /var/www/html/nfsen/plugins/nfsight
### if nothing else apache must write config.php
### touch /var/www/html/nfsen/nfsight/config.php
### chmod g+w /var/www/html/nfsen/nfsight/config.php

### install mysql service and start it 
yum install chkconfig 
chkconfig mysqld on
service mysqld start

### first time setup of mysql
/usr/bin/mysql_secure_installation


#################################################################
### create nfsight database -- probably overkill but this worked
#################################################################
mysql -u root -p 
Enter password: 

mysql> CREATE DATABASE nfsight;

mysql> GRANT ALL PRIVILEGES ON nfsight.* TO root@'%' IDENTIFIED BY 'password';
Query OK, 0 rows affected (0.00 sec)

mysql> grant all privileges on nfsight.* TO root@localhost IDENTIFIED BY 'password';
Query OK, 0 rows affected (0.00 sec)

mysql> GRANT ALL PRIVILEGES ON nfsight.* TO 'root'@'%' WITH GRANT OPTION;
Query OK, 0 rows affected (0.00 sec)

mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)

mysql> quit
Bye

#################################################################
### launch http://yourserver/nfsight/installer.php
### 
### setup as you desire including proper paths:
### URL = /nfsight/
### Path to data files = /var/www/html/nfsen/plugins/nfsight
#################################################################

#################################################################
### settings can be edited later without installer.php: 
### nano /var/www/html/nfsen/nfsight/config.php
### nano /var/www/html/nfsen/nfsight/detail.php
#################################################################

#################################################################
### edit detail.php to include proper paths:
### /bin/grep
### /bin/cat
### /usr/bin/pcv
#################################################################
nano /var/www/html/nfsen/nfsight/detail.php


#################################################################
### edit /usr/local/nfsen/etc/nfsen.conf
### add settings as output by installer.php
### 
### your settings may vary:
#################################################################
@plugins = (
[ '*', 'nfsight' ],
);

%PluginConf = (
    nfsight => {
        path => "/var/www/html/nfsen/plugins/nfsight",
        expiration => "180",
        processing_timer => "",
        network => {
            "10.0.0.0" => "8",
        },
        scanner_limit => "5",
        bidirectional_via_nfdump => "",
        print_int_scanner => "1",
        print_ext_scanner => "1",
        print_int_client => "0",
        print_ext_client => "0",
        print_int_server => "1",
        print_ext_server => "0",
        print_int_invalid => "0",
        print_ext_invalid => "0",
        sql_host => "localhost",
        sql_port => "3306",
        sql_user => "root",
        sql_pass => "password",
        sql_db => "nfsight",
    },
);
#################################################################

### restart nfsen
/usr/local/nfsen/bin/nfsen stop
/usr/local/nfsen/bin/nfsen start
/usr/local/nfsen/bin/nfsen status

### edit cron jobs as described by installer.php
crontab -e
06 * * * *  /usr/bin/wget --no-check-certificate -q -O - http://management:aggregate@127.0.0.1/nfsight/aggregate.php


#################################################################
### optional: install picviz
#################################################################
### picviz 0.6-8 has only one dependency issue in CentOS 6.4
### picviz 0.6-8 requires libev available in the EPEL repository
### What is EPEL?: https://fedoraproject.org/wiki/EPEL
#################################################################

### Install the EPEL repository 
### This is the 64-bit version, you may need to locate the 32-bit version
rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

### install picviz prerequisite libev from EPEL
yum install libev

### install picviz 0.6-8 64-bit
wget https://depots.global-sp.net/CentOS/6/x86_64/picviz-0.6-8.el6.x86_64.rpm
rpm -i picviz-0.6-8.el6.x86_64.rpm 
wget https://depots.global-sp.net/CentOS/6/x86_64/picviz-plugin-pngcairo-0.6-8.el6.x86_64.rpm
rpm -i picviz-plugin-pngcairo-0.6-8.el6.x86_64.rpm 

### fix errors described by nfsight regarding picviz
chmod g+w /var/www/html/nfsen/nfsight/cache
chmod g+x /var/www/html/nfsen/nfsight/bin/biflow2picviz.pl
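
Added check (not part of nfsight, nfsen or this guide): a script that verifies the state the steps above leave behind, namely that the directories this guide made group-writable really are, that nfsight is listed in @plugins, that nfsen.conf is not world-readable since it carries sql_pass, and that the plugin's database account is a dedicated user rather than root with the placeholder password from the GRANT lines (a user with rights on nfsight.* from localhost only is the least-privilege choice). The paths, the apache group, the file name nfsight_check.sh and GNU stat are assumptions taken from this guide's layout.

```shell
#!/bin/sh
# Post-install check for the nfsight setup described above (added example, not
# part of nfsight or nfsen). Assumed layout, overridable via the environment:
# web root /var/www/html/nfsen, nfsen.conf under /usr/local/nfsen/etc, web
# server group "apache". Uses GNU stat (-c) as found on CentOS 6.
NFSEN_WEB=${NFSEN_WEB:-/var/www/html/nfsen}
NFSEN_CONF=${NFSEN_CONF:-/usr/local/nfsen/etc/nfsen.conf}
WEB_GROUP=${WEB_GROUP:-apache}

# group_writable PATH GROUP: true if PATH exists, is owned by GROUP and has g+w.
group_writable() {
    [ -e "$1" ] || return 1
    [ "$(stat -c %G "$1")" = "$2" ] || return 1
    [ "$(stat -c %A "$1" | cut -c6)" = "w" ]   # 6th char of e.g. drwxrwxr-x
}

# conf_value FILE KEY: value of a  KEY => "value"  line in the %PluginConf block.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=>[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | head -n 1
}

# db_account_ok FILE: the plugin should connect as a dedicated MySQL user with
# rights on nfsight.* only, not as root and not with the placeholder password.
db_account_ok() {
    u=$(conf_value "$1" sql_user); p=$(conf_value "$1" sql_pass)
    [ -n "$u" ] && [ "$u" != root ] && [ "$p" != password ]
}

# conf_private FILE: nfsen.conf holds sql_pass, so it must not be world-readable.
conf_private() {
    [ "$(stat -c %A "$1" | cut -c8)" = "-" ]
}

run_checks() {
    rc=0
    for p in "$NFSEN_WEB/plugins/nfsight" "$NFSEN_WEB/nfsight" \
             "$NFSEN_WEB/nfsight/cache" "$NFSEN_WEB/nfsight/config.php"; do
        group_writable "$p" "$WEB_GROUP" || { echo "FAIL: $p is not group-writable by $WEB_GROUP"; rc=1; }
    done
    grep -q "'nfsight'" "$NFSEN_CONF" || { echo "FAIL: nfsight is not listed in @plugins in $NFSEN_CONF"; rc=1; }
    db_account_ok "$NFSEN_CONF" || { echo "WARN: plugin connects as root or with the placeholder password"; rc=1; }
    conf_private "$NFSEN_CONF" || { echo "WARN: $NFSEN_CONF is world-readable but contains sql_pass"; rc=1; }
    [ "$rc" -eq 0 ] && echo "all checks passed"
    return "$rc"
}

# Run only when executed as nfsight_check.sh, so the functions can also be sourced.
case "$0" in *nfsight_check.sh) run_checks ;; esac
```

Run it as root after the steps above; a non-zero exit lists what still needs fixing.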

---------------

Please consider crypto tipping:
  

May 17, 2013

psexec via linux



Best source for Debian derivatives: https://software.opensuse.org/package/winexe
Best source for RH derivatives: https://pkgs.org/search/?q=winexe

I often use Sysinternals' psexec during my Windows management routines; however, I'd often wished I could do so from my Linux desktop rather than my Windows VM. Thanks to an updated "winexe" hosted at http://sourceforge.net/p/winexe/wiki/Home/, "psexec in Linux" is possible.

In your Debian- or Ubuntu-based distro, add the following repository to /etc/apt/sources.list:
deb http://repo.openpcf.org/repository/ext/openpcf/ubuntu/ precise main

Then add the repo's public key and update/install (as of this writing, it is version 1.00 and they are developing v1.1):
wget http://repo.openpcf.org/repository/ext/openpcf/openpcf.org-repo-public-key-C6E91526.asc
sudo apt-key add ./openpcf.org-repo-public-key-C6E91526.asc
sudo apt-get update
sudo apt-get install winexe

As with the Windows utility psexec.exe, the target must be configured appropriately. Specifically, read the following if necessary:
1) http://forum.sysinternals.com/psexec-could-not-start_topic3698_post11962.html#11962
2) http://jamesrayanderson.blogspot.com/2010/04/psexec-and-ports.html

Let's test it by listing processes on the target:
winexe -U USERNAME //HOSTNAMEorIP "tasklist"

The utility should ask for the password and display results:
Password for [WORKGROUP\USERNAME]:

Image Name                   PID Session Name     Session#    Mem Usage
========================= ====== ================ ======== ============
System Idle Process            0 Console                 0         28 K
System                         4 Console                 0         72 K
smss.exe                     712 Console                 0        268 K
csrss.exe                    800 Console                 0      1,488 K
winlogon.exe                 824 Console                 0      4,892 K
services.exe                 868 Console                 0      2,228 K
lsass.exe                    880 Console                 0      1,876 K
vmacthlp.exe                1084 Console                 0        152 K
svchost.exe                 1100 Console                 0      2,328 K
PresentationFontCache.exe   1168 Console                 0      1,024 K
svchost.exe                 1196 Console                 0      1,676 K
svchost.exe                 1320 Console                 0     32,768 K
svchost.exe                 1412 Console                 0      2,576 K
svchost.exe                 1436 Console                 0        368 K
svchost.exe                 1508 Console                 0      1,440 K
svchost.exe                 1568 Console                 0      1,368 K
svchost.exe                 1912 Console                 0        272 K
alg.exe                     1956 Console                 0        280 K
svchost.exe                  584 Console                 0        384 K
ramaint.exe                 1296 Console                 0        424 K
SntpClient.exe              2796 Console                 0      1,416 K
dllhost.exe                 2892 Console                 0        360 K
vmtoolsd.exe                3260 Console                 0      2,708 K
vmware-usbarbitrator.exe    3368 Console                 0        388 K
vssvc.exe                   3436 Console                 0        188 K
SDUpdSvc.exe                3488 Console                 0        800 K
dllhost.exe                 2472 Console                 0      1,040 K
logon.scr                   4080 Console                 0        252 K
csrss.exe                   4024                         1      2,340 K
winlogon.exe                 404                         1      5,684 K
[etc]

When running programs that take parameters, remember to use quotes.
Let's test this by running a ping-to-self on the target. Execute the utility including the quotation marks:
winexe -U USERNAME //HOSTNAMEorIP "ping -n 1 127.0.0.1"

The above produces:
Password for [WORKGROUP\USERNAME]:

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms ttl=128
Ping statistics for 127.0.0.1:
    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

For domain accounts, I've found that you need to escape your domain username in this fashion (notice the double-slashed username):
winexe -U DOMAIN\\username //HOSTNAMEorIP "commandline"

Be warned though: as is also true with psexec, your password may be passed as plain text over the network.

~~~
As always, Good Luck!


May 16, 2013

setting xdg-mime defaults

Often in Linux a mime-type has the wrong application associated with it. Here I will share a short script I found hiding online (thanks to "aleb") that will assist in both finding your options and setting your defaults.

Please read http://budts.be/weblog/2011/07/xdf-open-vs-exo-open first.

If you've read the link, you understand that xdg-open should work on any desktop environment. You may however wish to alter this article for your specific D.E.

First is a script that will display every app option for every mime-type on your system.
#!/bin/sh
# For every .desktop file in the system and per-user application directories,
# print one "xdg-mime default" command per MIME type the application declares.
for dd in /usr/share/applications ~/.local/share/applications; do
  for f in "$dd"/*.desktop; do
    [ -f "$f" ] || continue
    d=$(basename "$f")
    for m in $(grep '^MimeType=' "$f" | cut -d= -f2- | tr ';' ' '); do
      echo xdg-mime default "$d" "$m"
    done
  done
done

To use this, copy and paste it into a file named mimetypes.sh, then make it executable with chmod +x mimetypes.sh

Now run it: ./mimetypes.sh

You will of course see all options.

Suppose you only want to see video mime-types. Try: ./mimetypes.sh | grep video

(Just ignore any output that begins with "grep:"; the useful lines are only the ones that begin with "xdg-mime".)

Now suppose you have vlc installed and it is the only video player you want as a default. Highlight all the lines that contain vlc (the whole code block) from your results and paste them into the bash prompt. Voila, vlc is now your default player for all video mime-types.

Suppose you have firefox and you like it best. But for whatever reason chromium is still the default when launching links or html files.

Try: ./mimetypes.sh | grep html | grep firefox

You should see something like:
xdg-mime default firefox.desktop text/html
xdg-mime default firefox.desktop application/xhtml+xml


Copy those two lines and paste into your bash shell. Now Firefox should be your default.
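
An added example (not from the original post or from aleb's script) that does the same .desktop parsing as a set of reusable functions: it lists the applications declaring a given MIME type and emits the matching xdg-mime lines, and unlike the ls-based loop it copes with spaces in file names. The directory, file and MIME names are whatever you pass in.

```shell
#!/bin/sh
# Added example (not from the original post or aleb's script): parse .desktop
# files the way the loop above does, but as reusable functions that also cope
# with spaces in file names. Directory and file names are whatever you pass in.

# desktop_mimes FILE: print the MIME types declared by one .desktop file, one
# per line (the trailing ';' of a MimeType= line would otherwise leave an empty entry).
desktop_mimes() {
    sed -n 's/^MimeType=//p' "$1" | tr ';' '\n' | sed '/^$/d'
}

# apps_for_mime DIR MIME: print the .desktop file names in DIR that handle MIME
# exactly (fixed-string, whole-line match, so "video/x-m" does not match video/x-matroska).
apps_for_mime() {
    for f in "$1"/*.desktop; do
        [ -f "$f" ] || continue
        if desktop_mimes "$f" | grep -qxF -- "$2"; then
            basename "$f"
        fi
    done
}

# default_cmds DIR APP: one "xdg-mime default" line per MIME type that APP (a
# .desktop file name in DIR) declares, ready to paste into a shell; these are
# the same lines the script above prints for that one application.
default_cmds() {
    desktop_mimes "$1/$2" | while IFS= read -r m; do
        printf 'xdg-mime default %s %s\n' "$2" "$m"
    done
}

# Usage: ./mimeapps.sh /usr/share/applications text/html
# lists e.g. firefox.desktop; afterwards verify with: xdg-mime query default text/html
[ $# -eq 2 ] && apps_for_mime "$1" "$2"
```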
